Lucene search
+L
ThnMost viewed

20926 matches found

The Hacker News
The Hacker News
added 2023/04/08 5:4 a.m.61 views

Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library

The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode. The flaw, which affects all versions, including and prior to 3.9.14, was reported by researchers from Sout...

10CVSS10.1AI score0.63186EPSS
Exploits4
The Hacker News
The Hacker News
added 2023/01/18 10:20 a.m.61 views

Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers

Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as CVE-2022-4873 and CVE-2022-4874, concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router...

2.4AI score0.11009EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/12/22 10:9 a.m.61 views

Two New Security Flaws Reported in Ghost CMS Blogging Software

Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Ghost is an open source blogging platform that's used in more than 52,600 live websites, mos...

0.5AI score0.20196EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/12/09 5:16 p.m.61 views

New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patche...

9.8CVSS1AI score0.36009EPSS
Exploits1
The Hacker News
The Hacker News
added 2022/12/02 11:9 a.m.61 views

Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was...

10CVSS2AI score0.9967EPSS
Exploits10
The Hacker News
The Hacker News
added 2022/11/02 7:10 a.m.61 views

Dropbox Breach: Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories

File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub. "These repositories included our own copies of third-party libraries slightly...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/01 11:28 a.m.61 views

Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution

IT service management software platform ConnectWise has released Software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager SBM. The issue, characterized as a "neutralization of Special Elements in Output Used by a Downstream Component," could be abused to...

7.5CVSS1.3AI score0.95335EPSS
Exploits5
The Hacker News
The Hacker News
added 2022/10/22 5:42 a.m.61 views

Critical Flaw Reported in Move Virtual Machine Powering the Aptos Blockchain Network

Researchers have disclosed details about a now-patched critical flaw in the Move virtual machine that powers the Aptos blockchain network. The vulnerability "can cause Aptos nodes to crash and cause denial of service," Singapore-based Numen Cyber Labs said in a technical write-up published earlie...

3.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/18 9:20 a.m.61 views

Hackers Using Bumblebee Loader to Compromise Active Directory Services

The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/03/29 10:32 a.m.61 views

Critical Sophos Firewall RCE Vulnerability Under Active Exploitation

Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks. The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions...

9.8CVSS1.8AI score0.99796EPSS
Exploits9
The Hacker News
The Hacker News
added 2022/02/28 11:35 a.m.61 views

CISA Warns of High-Severity Flaws in Schneider and GE Digital's SCADA Software

The U.S. Cybersecurity and Infrastructure Security Agency CISA last week published an industrial control system ICS advisory related to multiple vulnerabilities impacting Schneider Electric's Easergy medium voltage protection relays. "Successful exploitation of these vulnerabilities may disclose...

8.8CVSS1.7AI score0.02822EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/01/20 1:18 p.m.61 views

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers

An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovic...

9.8CVSS8.5AI score0.03207EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/10/12 7:57 a.m.61 views

GitHub Revoked Insecure SSH Keys Generated by a Popular git Client

Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said...

9.1CVSS0.1AI score0.02993EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/08/12 1:2 p.m.61 views

How Companies Can Protect Themselves from Password Spraying Attacks

Attackers are using many types of attacks to compromise business-critical data. These can include zero-day attacks, supply chain attacks, and others. However, one of the most common ways that hackers get into your environment is by compromising passwords. The password spraying attack is a special...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/08/12 7:6 a.m.61 views

IT Giant Accenture Hit by LockBit Ransomware; Hackers Threaten to Leak Data

Global IT consultancy giant Accenture has become the latest company to be hit by the LockBit ransomware gang, according to a post made by the operators on their dark web portal, likely filling a void left in the wake of DarkSide and REvil shutdown. "These people are beyond privacy and security. I...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/07/28 10:6 a.m.61 views

Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees

An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of a years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint...

1.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/25 10:16 a.m.61 views

Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros $2 million in illegal profits. Dubbed "Crackonosh," the malware is distributed via illegal, cracked copies of popular software, only to...

2.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/28 3:30 p.m.61 views

Researchers Warn of Facefish Backdoor Spreading Linux Rootkits

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing its capabilities to deliver different...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/26 5:54 a.m.61 views

Russian Hydra DarkNet Market Made Over $1.3 Billion in 2020

Russian-language dark web marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 billion worth of cryptocurrencies in 2020, up from $9.4 million in 2016, marking a staggering 624% year-over-year jump over a three-year period from 2018 to 2020. "Further...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/04/12 7:51 a.m.61 views

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021

The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual even...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/05 9:20 a.m.61 views

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/29 12:12 p.m.61 views

New CISOs Survey Reveals How Small Cybersecurity Teams Can Confront 2021

The pressure on small to medium-sized enterprises to protect their organizations against cyberthreats is astronomical. These businesses face the same threats as the largest enterprises, experience the same relative damages and consequences when breaches occur as the largest enterprises but are...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/12 10:11 a.m.61 views

MISSIONS — The Next Level of Interactive Developer Security Training

If organizations want to get serious about software security, they need to empower their engineers to play a defensive role against cyberattacks as they craft their code. The problem is, developers haven't had the most inspiring introduction to security training over the years, and anything that...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/22 7:49 a.m.61 views

A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware

An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate. The latest security issue—of which Google...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/07/01 12:25 p.m.61 views

Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws

Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users. To be noted, Microsoft rushed to deliver patches almost two weeks before the upcoming monthly 'Patch Tuesday...

7.8CVSS2.7AI score0.123EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/04/28 8:19 a.m.61 views

Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics

Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information. The details come from a newly published research titled "Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/03/23 9:10 a.m.61 views

User Survey 2020 Report Shows Rapid Growth In Apache Pulsar Adoption

For the first time ever, the Apache Pulsar PMC team is publishing a user survey report. The 2020 Apache Pulsar User Survey Report reveals Pulsar's accelerating rate of global adoption, details how organizations are leveraging Pulsar to build real-time streaming applications, and highlights key...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/02/25 10:37 a.m.61 views

Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing

Phishing attacks have become one of the business world's top cybersecurity concerns. These social engineering attacks have been rising over the years, with the most recent report from the Anti-Phishing Working Group coalition identifying over 266,000 active spoofed websites, which is nearly doubl...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/02/17 5:18 p.m.61 views

OpenSSH now supports FIDO U2F security keys for 2-factor authentication

Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell SSH Protocol, yesterday announced th...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/02/27 1:17 p.m.61 views

Severe Flaws in SHAREit Android App Let Hackers Steal Your Files

Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass device authentication mechanism and steal files containing sensitive from a victim's device. With over 1.5 billion users worldwide, SHAREit is a popular file...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2019/01/29 9:13 a.m.61 views

Europol Now Going After People Who Bought DDoS-for-Hire Services

If you were a buyer of any online DDoS-for-hire service, you might be in trouble. After taking down and arresting the operators of the world's biggest DDoS-for-hire service last year, the authorities are now in hunt for customers who bought the service that helped cyber criminals launch millions ...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2018/09/17 1:1 p.m.61 views

Ransomware Attack Takes Down Bristol Airport's Flight Display Screens

Bristol Airport has blamed a ransomware attack for causing a blackout of flight information screens for two days over the weekend. The airport said that the attack started Friday morning, taking out several computers over the airport network, including its in-house display screens which provide...

Exploits0
The Hacker News
The Hacker News
added 2018/07/10 2:30 p.m.61 views

Gaza Cybergang Returns With New Attacks On Palestinian Authority

Security researchers from Check Point Threat Intelligence Team have discovered the comeback of an APT advanced persistent threat surveillance group targeting institutions across the Middle East, specifically the Palestinian Authority. The attack, dubbed "Big Bang," begins with a phishing email se...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2018/07/02 9:7 a.m.61 views

Facebook Admits Sharing Users' Data With 61 Tech Companies

Facebook has admitted that the company gave dozens of tech companies and app developers special access to its users' data after publicly saying it had restricted outside companies to access such data back in 2015. It's an unusual clear view of how the largest social networking site manages your...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2018/06/06 2:23 p.m.61 views

Destructive and MiTM Capabilities of VPNFilter Malware Revealed

It turns out that the threat of the massive VPNFilter botnet malware that was discovered late last month is beyond what we initially thought. Security researchers from Cisco's Talos cyber intelligence have today uncovered more details about VPNFilter malware, an advanced piece of IoT botnet malwa...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2018/03/13 4:37 p.m.61 views

13 Critical Flaws Discovered in AMD Ryzen and EPYC Processors

Security researchers claimed to have discovered 13 critical Spectre/Meltdown-like vulnerabilities throughout AMD's Ryzen and EPYC lines of processors that could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems. A...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2018/02/26 8:38 a.m.61 views

Android P Will Block Background Apps from Accessing Your Camera, Microphone

Yes, your smartphone is spying on you. But, the real question is, should you care? We have published thousands of articles on The Hacker News, warning how any mobile app can turn your smartphone into a bugging device—'Facebook is listening to your conversations', 'Stealing Passwords Using...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2017/08/08 1:54 a.m.61 views

Game of Thrones (Season 7) Episode 5 Script Leaked — Hacker Demands Millions in Ransom

The hacking group that recently hacked HBO has just dropped its second trove of documents, including a month emails of one of the company's executives, and a detailed script of the upcoming fifth episode of "Game of Thrones" Season 7, set to be aired on August 13. The latest release is the second...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2017/07/30 10:32 p.m.61 views

Hackers Take Over US Voting Machines In Just 90 Minutes

--- Image Credit: @tjhorner Today, election hacking is not just about hacking voting machines, rather it now also includes hacking and leaking dirty secrets of the targeted political parties—and there won’t be a perfect example than the last year's US presidential election. But, in countries like...

9.3CVSS7.7AI score0.17687EPSS
Exploits0
The Hacker News
The Hacker News
added 2017/07/19 12:8 a.m.61 views

WikiLeaks Reveals CIA Teams Up With Tech to Collect Ideas For Malware Development

As part of its ongoing Vault 7 leaks, the whistleblower organisation WikiLeaks today revealed about a CIA contractor responsible for analysing advanced malware and hacking techniques being used in the wild by cyber criminals. According to the documents leaked by WikiLeaks, Raytheon Blackbird...

10CVSS7.3AI score0.93688EPSS
Exploits5
The Hacker News
The Hacker News
added 2016/12/14 1:7 a.m.61 views

Microsoft releases 12 Security Updates; Including 6 Critical Patches

For the last Patch Tuesday for this year, Microsoft has released 12 security bulletins, half of which are rated 'critical' as they give attackers remote code execution capabilities on the affected computers. The security bulletins address vulnerabilities in Microsoft's Windows, Office, Internet...

7.6CVSS7.9AI score0.73289EPSS
Exploits4
The Hacker News
The Hacker News
added 2016/10/11 8:41 p.m.61 views

Microsoft Patches 5 Zero-Day Vulnerabilities Being Exploited in the Wild

Microsoft has released its monthly Patch Tuesday update including a total of 10 security bulletin, and you are required to apply the whole package of patches altogether, whether you like it or not. That's because the company is kicking off a controversial new all-or-nothing patch model this month...

9.3CVSS7.6AI score0.68684EPSS
Exploits0
The Hacker News
The Hacker News
added 2013/09/24 4:15 a.m.61 views

New Mac OS Malware exploited two known Java vulnerabilities

A new Mac OS Malware has been discovered called OSX/Leverage.A, which appears to be yet another targeted command-and-control Trojan horse, that creates a backdoor on an affected user’s machine. The Trojan named 'Leverage' because the Trojan horse is distributed as an application disguised as a...

10CVSS2.8AI score0.98704EPSS
Exploits14
The Hacker News
The Hacker News
added 2011/12/21 5:33 p.m.61 views

China Software Developer Network (CSDN) 6 Million user data Leaked

China Software Developer Network CSDN 6 Million user data Leaked The "Chinese Software Developer Network" CSDN, operated by Bailian Midami Digital Technology Co., Ltd., is one of the biggest networks of software developers in China. A text file with 6 Million CSDN user info including user name,...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2011/11/30 6:51 p.m.61 views

Nullcon GOA 2012 - International Security Conference

Nullcon GOA 2012 - International Security Conference The open security community is a registered non-profit society and by far the largest security community in India with more than 2000 members comprising of information security professionals, ethical hackers and law enforcement professionals...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/09 6:53 a.m.60 views

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday...

9.8CVSS8.6AI score0.84345EPSS
Exploits5
The Hacker News
The Hacker News
added 2024/08/19 10:49 a.m.60 views

How to Automate the Hardest Parts of Employee Offboarding

According to recent research on employee offboarding, 70% of IT professionals say they've experienced the negative effects of incomplete IT offboarding, whether in the form of a security incident tied to an account that wasn't deprovisioned, a surprise bill for resources that aren't in use anymor...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/16 11:40 a.m.60 views

Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics

Chinese-speaking users are the target of an ongoing campaign that distributes a malware known as ValleyRAT. "ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage," Fortinet FortiGuard Labs...

9.3CVSS8.5AI score0.99933EPSS
Exploits29
The Hacker News
The Hacker News
added 2024/08/06 4:16 a.m.60 views

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning ERP system that could allow threat actors to achieve remote code execution on affected instances. Tracked as CVE-2024-38856, the flaw has a CVSS...

9.8CVSS9.7AI score0.99427EPSS
Exploits27
The Hacker News
The Hacker News
added 2024/07/17 5:25 a.m.60 views

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 CVSS score: 9.8, the vulnerability impacts all versions of the software before 1.3.0. It has been describ...

8AI score0.9921EPSS
Exploits11
Total number of security vulnerabilities5000